A fresh controversy over the alleged misuse of spyware has emerged in Europe after claims that the mobile phone of former European Parliament member and veteran journalist Stelios Kouloglou was repeatedly hacked using Pegasus spyware. According to a new digital forensic report, Kouloglou was targeted several times while serving on the European Parliament’s special PEGA Committee, which was investigating the alleged misuse of Pegasus spyware. The revelations have renewed concerns over digital surveillance, the security of democratic institutions, and the privacy of elected representatives across Europe.
The report says the available technical evidence does not conclusively identify the government or agency responsible for the cyberattacks. However, digital indicators suggest that the operation closely resembles an earlier espionage campaign that targeted exiled Russian and Belarusian journalists and opposition activists living in Europe. Investigators believe the similarities raise the possibility that the same operator, or one using the same technical infrastructure, may have been involved.
According to the investigation, signs of Pegasus infection first appeared on Kouloglou’s mobile phone on 21 October 2022. At the time, the PEGA Committee was preparing its first comprehensive report on the use of spyware across Europe. The committee was examining alleged surveillance cases, compliance with European laws, and the impact of spyware on civil liberties. The timing of the alleged compromise has therefore been viewed as particularly significant.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The report further states that Pegasus-related activity was again detected on Kouloglou’s device on 6 and 7 March 2023, when the committee was holding intensive discussions to finalize its report. The alleged attacks also coincided with Kouloglou’s travel from Athens to Brussels, leading investigators to conclude that the incidents aligned with key stages of the committee’s work.
Pegasus is an advanced spyware developed by Israeli cyber-intelligence company NSO Group. The company has consistently maintained that its software is sold only to authorized government agencies for combating serious crime and terrorism. Nevertheless, Pegasus has been linked to numerous allegations worldwide involving the surveillance of journalists, opposition politicians, human rights activists, lawyers, and public officials, making it one of the most controversial cyber-surveillance tools in recent years.
The European Parliament established the PEGA Committee in 2022 following the international Pegasus Project revelations. The committee was tasked with examining whether spyware had been used lawfully within European Union member states or whether it had been misused in violation of democratic and legal standards. As part of its inquiry, the committee heard testimony from experts, journalists, technical specialists, and individuals who claimed they had been targeted by surveillance.
The report also notes that the first alleged compromise occurred while Kouloglou was hospitalized for elective surgery and was visited by Greek investigative journalist Thanasis Koukakis. Koukakis had previously been at the center of Greece’s spyware surveillance controversy and had testified before the European Parliament’s inquiry committee regarding his own experience.
Investigators also identified recurring digital indicators, including the repeated use of the same Apple ID-related artifact across multiple attacks. According to the report, these findings strengthen the possibility that the same Pegasus operator also targeted Kouloglou as well as seven Russian- and Belarusian-speaking journalists and opposition activists based in Europe. The report further suggests that the operator likely possessed licenses to deploy Pegasus in Belgium and Greece, although this could not be independently verified.
A researcher at Algoritha Security said modern spyware has become sophisticated enough to compromise devices without requiring victims to click on malicious links or download infected files. Such “zero-click” attacks can silently gain access to sensitive information. The researcher added that elected representatives, journalists, government officials, and other high-risk individuals should adopt robust cybersecurity measures, including timely software updates, regular digital forensic assessments, encrypted communications, and enhanced mobile security practices to reduce the risk of advanced spyware attacks.
